Kutshanje, inkampani yophando iJavelin Strategy & Research ipapashe ingxelo, "Imeko yoQinisekiso olomeleleyo ngo-2019." Abadali bayo baqokelele ulwazi malunga nokuba zeziphi iindlela zokuqinisekisa ezisetyenziswa kwiindawo zenkampani kunye nezicelo zabathengi, kwaye benza nezigqibo ezinomdla malunga nekamva lobungqina obuqinileyo.
Ukuguqulelwa kwenxalenye yokuqala kunye nezigqibo zababhali bengxelo, thina . Kwaye ngoku sinikezela ingqalelo yakho inxalenye yesibini - kunye nedatha kunye neegrafu.
Ukusuka kumguquleli
Andizukukopa ngokupheleleyo ibhloko yegama elinye ukusuka kwindawo yokuqala, kodwa ndisaya kuphinda umhlathi omnye.
Onke amanani kunye neenyani zinikezelwe ngaphandle kotshintsho oluncinci, kwaye ukuba awuvumelani nabo, ke kungcono ukuphikisana nomguquleli, kodwa kunye nababhali bengxelo. Kwaye nanga amagqabantshintshi am (abekwe njengezicatshulwa, kwaye aphawulwe kwisicatshulwa IsiTaliyani) zixabiso lam lokugweba kwaye ndiya kukuvuyela ukuxoxa nganye kuzo (kunye nomgangatho woguqulelo).
Uqinisekiso lomsebenzisi
Ukusukela ngo-2017, ukusetyenziswa kokuqinisekiswa okuqinileyo kwizicelo zabathengi kuye kwanda kakhulu, ngenxa yokufumaneka kweendlela zokuqinisekisa i-cryptographic kwizixhobo eziphathwayo, nangona kuphela ipesenti encinci yeenkampani zisebenzisa ukuqinisekiswa okuqinileyo kwizicelo ze-Intanethi.
Ngokubanzi, ipesenti yeenkampani ezisebenzisa ukuqinisekiswa okuqinileyo kwishishini labo liphindwe kathathu ukusuka kwi-5% kwi-2017 ukuya kwi-16% kwi-2018 (Umfanekiso 3).
Ukukwazi ukusebenzisa ungqinisiso olomeleleyo lwezicelo zewebhu lusanyinwe (ngenxa yokuba iinguqulelo ezintsha kuphela zezinye izikhangeli zixhasa unxibelelwano kunye neempawu ze-cryptographic, nangona kunjalo le ngxaki inokusombulula ngokufaka isoftware eyongezelelweyo efana ), iinkampani ezininzi zisebenzisa ezinye iindlela zokuqinisekisa kwi-intanethi, njengeenkqubo zezixhobo eziphathwayo ezenza iipassword zexesha elinye.
Izitshixo ze-cryptographic zehardware (apha sithetha kuphela abo bathobela imigangatho yeFIDO), ezifana nezo zibonelelwa nguGoogle, Feitian, One Span, kunye neYubico zinokusetyenziselwa uqinisekiso oluqinileyo ngaphandle kokufaka isoftwe eyongezelelweyo kwiikhompyuter zedesktop kunye neelaptops (kuba uninzi lwabakhangeli sele bexhasa umgangatho weWebAuthn ukusuka kwiFIDO), kodwa kuphela i-3% yeenkampani ezisebenzisa eli nqaku ukungena kubasebenzisi bazo.
Ukuthelekiswa kwamathokheni e-cryptographic (njenge ) kunye nezitshixo ezifihlakeleyo ezisebenza ngokwemigangatho ye-FIDO zingaphaya kwendawo yale ngxelo, kodwa kunye nezimvo zam kuyo. Ngamafutshane, zombini iindidi zamathokheni zisebenzisa i-algorithms efanayo kunye nemigaqo yokusebenza. Amathokheni e-FIDO okwangoku axhaswa ngcono ngabathengisi be-browser, nangona oku kuya kutshintsha ngokukhawuleza njengoko inkxaso yeephequluli ezininzi . Kodwa iimpawu ze-cryptographic zamandulo zikhuselwe yikhowudi ye-PIN, inokusayina amaxwebhu e-elektroniki kwaye isetyenziselwa ukuqinisekiswa kwezinto ezimbini kwi-Windows (nayiphi na inguqulelo), i-Linux kunye ne-Mac OS X, zinee-API zeelwimi ezahlukeneyo zeprogram, ezikuvumela ukuba uphumeze i-2FA kunye ne-elektroniki. utyikityo kwi-desktop, ii-mobile kunye nezicelo zeWebhu, kunye neempawu eziveliswe eRashiya zixhasa i-algorithms ye-GOST yaseRashiya. Kwimeko nayiphi na into, ithokheni ye-cryptographic, kungakhathaliseki ukuba yintoni umgangatho owenziwe ngayo, yindlela yokuqinisekisa enokwethenjelwa kwaye efanelekileyo.
Ngaphaya koKhuseleko: Ezinye iiNzuzo zoQinisekiso olomeleleyo
Akumangalisi ukuba ukusetyenziswa kobungqina obuqinileyo bubotshelelwe ngokusondeleyo kukubaluleka kwedatha kwiivenkile zeshishini. Iinkampani ezigcina ulwazi olunobuntununtunu (PII), olufana neenombolo zoKhuseleko lweNtlalo okanye iNkcukacha ngeMpilo yoBuqu (PHI), zijongene nolona xinzelelo lukhulu lwezomthetho nolulawulayo. Ezi ziinkampani ezingabaxhasi abanobundlongondlongo bobuqinisekiso obuqinileyo. Uxinzelelo kumashishini lunyuswa ngokulindelekileyo kubathengi abafuna ukwazi ukuba imibutho abayithembayo ngedatha yabo ebuthathaka kakhulu isebenzisa iindlela zokuqinisekisa ezinamandla. Imibutho ephethe i-PII ebuthathaka okanye i-PHI inokwenzeka ngokuphindwe kabini ukuba isebenzise ungqinisiso olomeleleyo kunemibutho egcina kuphela iinkcukacha zoqhagamshelwano zabasebenzisi (Figure 7).
Ngelishwa, iinkampani azikakulungeli ukuphumeza iindlela eziqinileyo zokuqinisekisa. Phantse isinye kwisithathu sabenzi bezigqibo zeshishini bajonga amagama ayimfihlo njengeyona ndlela isebenzayo yokungqinisisa phakathi kwabo bonke abadweliswe kuMfanekiso 9, kwaye i-43% ithatha amagama ayimfihlo njengeyona ndlela ilula yokuqinisekisa.
Le tshati iyasiqinisekisa ukuba abaphuhlisi bezicelo zoshishino emhlabeni jikelele bayafana ... Ababoni inzuzo yokuphumeza iindlela zokhuseleko lokufikelela kwi-akhawunti ephezulu kwaye babelane ngeengcamango ezifanayo. Kwaye kuphela izenzo zabalawuli zinokutshintsha imeko.
Masingachukumisi amagama ayimfihlo. Kodwa yintoni omele ukholelwe ngayo ukukholelwa ukuba imibuzo yokhuseleko ikhuselekile ngakumbi kuneempawu ze-cryptographic? Ukusebenza kwemibuzo yokulawula, ekhethiweyo nje, kuqikelelwa kwi-15%, kwaye i-hackable tokens - kuphela i-10. Ubuncinane ubukele ifilimu ethi "Illusion of Deception", apho, nangona ikwifom engokomfanekiso, kuboniswa ukuba kulula kangakanani amagqirha. watsala zonke izinto eziyimfuneko kwiimpendulo usomashishini-ubuqhophololo waza wamshiya engenamali.
Kwaye enye inyani ithetha okuninzi malunga neziqinisekiso zabo banoxanduva lweendlela zokhuseleko kwizicelo zabasebenzisi. Ekuqondeni kwabo, inkqubo yokufaka igama eliyimfihlo ngumsebenzi olula kunokuqinisekisa usebenzisa i-cryptographic token. Nangona, kubonakala ngathi kunokuba lula ukudibanisa ithokheni kwizibuko le-USB kwaye ufake ikhowudi ye-PIN elula.
Okubalulekileyo, ukuphumeza ukuqinisekiswa okuqinileyo kuvumela amashishini ukuba ahambe ekucingeni malunga neendlela zokuqinisekisa kunye nemithetho yokusebenza efunekayo ukuthintela izicwangciso zobuqhetseba ukuhlangabezana neemfuno zangempela zabathengi babo.
Ngelixa uthotyelo lolawulo luyinto ephambili ebambekayo kuwo omabini amashishini asebenzisa uqinisekiso oluluqilima kunye nalawo angalusebenzisiyo, iinkampani esele zisebenzisa ungqinisiso oluluqilima kusenokwenzeka ukuba zithi ukwandisa ukuthembeka kwabathengi yeyona metric ibalulekileyo abayiqwalaselayo xa bevavanya ubunyani. indlela. (18% vs. 12%) (Figure 10).
Uqinisekiso lweShishini
Ukusukela ngo-2017, ukwamkelwa kokuqinisekiswa okuqinileyo kumashishini kuye kwakhula, kodwa ngesantya esisezantsi kancinci kunezicelo zabathengi. Isabelo samashishini asebenzisa ukuqinisekiswa okuqinileyo kwenyuka ukusuka kwi-7% kwi-2017 ukuya kwi-12% ngo-2018. Ngokungafaniyo nezicelo zabathengi, kwindawo yoshishino ukusetyenziswa kweendlela zokuqinisekiswa kwe-non-password kuninzi kuxhaphake kwizicelo zewebhu kunezixhobo eziphathwayo. Malunga nesiqingatha samashishini anika ingxelo esebenzisa amagama omsebenzisi kunye neephasiwedi kuphela ukuqinisekisa abasebenzisi bawo xa bengena, kunye nomnye kwabahlanu (22%) abaxhomekeke kuphela kwiiphasiwedi zobungqina besibini xa ufikelela kwidatha ebuthathaka (oko kukuthi, umsebenzisi ungena kwisicelo kuqala esebenzisa indlela yoqinisekiso elula, kwaye ukuba ufuna ukufumana ufikelelo kwidatha ebaluleke kakhulu, uya kwenza enye inkqubo yokuqinisekisa, ngeli xesha ngesiqhelo usebenzisa indlela ethembeke ngakumbi.).
Kufuneka uqonde ukuba ingxelo ayithatheli ingqalelo ukusetyenziswa kwamathokheni e-cryptographic ukuqinisekiswa kwezinto ezimbini kwiinkqubo zokusebenza zeWindows, i-Linux kunye ne-Mac OS X. Kwaye oku okwangoku kukusetyenziswa kakhulu kwe-2FA. (Yeha, amathokheni adalwe ngokwemigangatho yeFIDO inokuphumeza i-2FA kuphela Windows 10).
Ngaphezu koko, ukuba ukuphunyezwa kwe-2FA kwi-intanethi kunye nezicelo eziphathwayo zifuna isethi yamanyathelo, kuquka ukulungiswa kwezi zicelo, emva koko ukuphumeza i-2FA kwi-Windows kufuneka uqwalasele i-PKI kuphela (umzekelo, ngokusekelwe kwi-Microsoft Certification Server) kunye nemigaqo-nkqubo yokuqinisekisa. kwi AD.
Kwaye ekubeni ukukhusela ukungena kwi-PC yomsebenzi kunye nesizinda yinto ebalulekileyo yokukhusela idatha yenkampani, ukuphunyezwa kokuqinisekiswa kwezinto ezimbini kuya kuba yinto eqhelekileyo.
Iindlela ezimbini ezilandelayo eziqhelekileyo zokuqinisekisa abasebenzisi xa bengena kwiiphasiwedi zexesha elilodwa ezinikezelwe nge-app eyahlukileyo (i-13% yamashishini) kunye neephasiwedi zexesha elilodwa ezithunyelwa ngeSMS (12%). Nangona ipesenti yokusetyenziswa kweendlela zombini zifana kakhulu, i-OTP ye-SMS isoloko isetyenziselwa ukunyusa izinga lokugunyazwa (kwi-24% yeenkampani). (Umfanekiso 12).
Ukunyuka kokusetyenziswa kokuqinisekiswa okuqinileyo kwishishini kunokwenzeka ukuba kubangelwa ukufumaneka okwandisiweyo kwe-cryptographic authentication uphumezo kwiiplatifti zolawulo lwesazisi seshishini (ngamanye amazwi, i-SSO yeshishini kunye neenkqubo ze-IAM zifunde ukusebenzisa amathokheni).
Ukuqinisekisa ngemfonomfono yabasebenzi kunye neekontraka, amashishini axhomekeke kakhulu kwiiphasiwedi kunokuqinisekisa kwizicelo zabathengi. Ngaphezulu kwesiqingatha (53%) samashishini asebenzisa amagama ayimfihlo xa eqinisekisa ukufikelela komsebenzisi kwidatha yenkampani ngesixhobo esiphathwayo (Umfanekiso 13).
Kwimeko yezixhobo eziphathwayo, umntu uya kukholelwa kumandla amakhulu e-biometrics, ukuba akunjalo kwiimeko ezininzi zeminwe yomgunyathi, amazwi, ubuso kunye ne-irises. Umbuzo omnye we-injini yokukhangela uya kutyhila ukuba indlela ethembekileyo yokuqinisekiswa kwebhayometriki ayikho nje. Izinzwa ezichanekileyo, ewe, zikhona, kodwa zibiza kakhulu kwaye zikhulu ngobukhulu - kwaye azifakwanga kwii-smartphones.
Ke ngoko, ekuphela kwendlela yokusebenza ye-2FA kwizixhobo eziphathwayo kukusetyenziswa kwamathokheni e-cryptographic aqhagamshele kwi-smartphone nge-NFC, iBluetooth kunye ne-USB Type-C interfaces.
Ukukhusela idatha yemali yenkampani yisona sizathu esiphezulu sotyalo-mali kwi-passwordless authentication (44%), kunye nokukhula ngokukhawuleza ukususela ngo-2017 (ukwanda kweepesenti ezisibhozo). Oku kulandelwa kukukhuselwa kwepropathi enomgangatho ophezulu wokuqonda (40%) kunye nedatha yabasebenzi (HR) (39%). Kwaye kucacile ukuba kutheni - hayi kuphela ixabiso elinxulumene nezi ntlobo zedatha eyaziwayo ngokubanzi, kodwa bambalwa abasebenzi abasebenza nabo. Okokuthi, iindleko zokuphunyezwa azinkulu kakhulu, kwaye bambalwa abantu abafuna ukuqeqeshwa ukuze basebenze kunye nenkqubo yokuqinisekisa enzima ngakumbi. Ngokwahlukileyo, iintlobo zedatha kunye nezixhobo uninzi lwabasebenzi beshishini abazifumana rhoqo zisakhuselwe kuphela ngamaphasiwedi. Amaxwebhu abasebenzi, iindawo zokusebenza, kunye nee-imeyile ze-imeyile zenkampani ziindawo ezinomngcipheko omkhulu, njengoko kuphela ikota yamashishini ekhusela ezi mpahla kunye nokuqinisekiswa kwe-password (Figure 14).
Ngokubanzi, i-imeyile yenkampani yinto eyingozi kakhulu kwaye evuzayo, iqondo lengozi enokubakho lijongelwa phantsi ngobuninzi beeCIO. Abasebenzi bafumana ii-imeyile ezininzi yonke imihla, kutheni ke ungafaki ubuncinci i-imeyile enye (oko kukuthi, ubuqhophololo) phakathi kwabo. Le leta iya kufomathwa ngohlobo lweeleta zenkampani, ngoko ke umqeshwa uya kuziva ekhululekile ukucofa ikhonkco kule leta. Ewe, ngoko nantoni na inokwenzeka, umzekelo, ukukhuphela intsholongwane kumatshini ohlaselwayo okanye ukuvuza amagama ayimfihlo (kubandakanywa nobunjineli bezentlalo, ngokufaka ifom yokuqinisekisa inkohliso eyenziwe ngumhlaseli).
Ukuthintela izinto ezinje ukuba zenzeke, ii-imeyile kufuneka zisayinwe. Emva koko kuya kucaca ngokukhawuleza ukuba yeyiphi ileta eyenziwe ngumqeshwa osemthethweni kwaye ngumhlaseli. Kwi-Outlook/Utshintshiselwano, umzekelo, imiqondiso ye-cryptographic-based signatures esekwe kwi-elektroniki yenziwe yasebenza ngokukhawuleza kwaye kulula kwaye inokusetyenziswa ngokudityaniswa nezinto ezimbini zoqinisekiso kwiiPC nakwimimandla yeWindows.
Phakathi kwabo baphathi baxhomekeke kuphela kwi-password yokuqinisekisa ngaphakathi kwishishini, isibini kwisithathu (66%) senza njalo kuba bakholelwa ukuba iiphasiwedi zibonelela ngokhuseleko olwaneleyo kuhlobo lolwazi olufunwa yinkampani yabo ukukhusela (Umfanekiso we-15).
Kodwa iindlela zokuqinisekisa ezinamandla ziya zixhaphaka ngakumbi. Ubukhulu becala ngenxa yokuba ukufumaneka kwabo kuyanda. Inani elandayo lesazisi kunye nolawulo lokufikelela (IAM) iinkqubo, iziphequluli, kunye neenkqubo zokusebenza zixhasa ukuqinisekiswa kusetyenziswa amathokheni e-cryptographic.
Ubungqina obunamandla bunenye inzuzo. Ekubeni igama eligqithisiweyo alisasetyenziswa (ifakwe i-PIN elula), akukho zicelo kubasebenzi abacela ukuba batshintshe igama eligqithisiweyo elilityelweyo. Oku kuthetha ukunciphisa umthwalo kwisebe le-IT yeshishini.
Iziphumo kunye nezigqibo
- Abaphathi bahlala bengenalo ulwazi oluyimfuneko lokuvavanya yokwenyani ukusebenza kweendlela ezahlukeneyo zokuqinisekisa. Baqhele ukuthembela ngolo hlobo iphelelwe lixesha iindlela zokhuseleko ezifana neephasiwedi kunye nemibuzo yokhuseleko ngenxa yokuba "yayisebenza ngaphambili."
- Abasebenzisi basenalo olu lwazi Ngaphantsi, kubo into ephambili Ukulula kunye nokulula. Logama nje bengenayo inkuthazo yokukhetha izisombululo ezikhuseleke ngakumbi.
- Abaphuhlisi bezicelo zesiko rhoqo akho sizathuukuphumeza uqinisekiso lwezinto ezimbini endaweni yegama lokugqitha. Ukhuphiswano kwinqanaba lokukhusela kwizicelo zabasebenzisi engekhoyo.
- Uxanduva olupheleleyo lwe-hack itshintshelwe kumsebenzisi. Nika igama lokugqitha lexesha elinye kumhlaseli - ukutyhola. Igama lakho eliyimfihlo liye labanjwa okanye lihloliwe - ukutyhola. Ayizange ifune ukuba umphuhlisi asebenzise iindlela zokuqinisekisa ezithembekileyo kwimveliso - ukutyhola.
- Kunene umlawuli Okokuqala kufuneka ukuba iinkampani ziphumeze izisombululo vimba ukuvuza kwedatha (ngokukodwa ukuqinisekiswa kwezinto ezimbini), kunokuba ukohlwaya sele yenzekile ukuvuza kwedatha.
- Abanye abaphuhlisi besoftware bazama ukuthengisa kubathengi indala kwaye ayithembekanga ngokukodwa izisombululo kwipakethe entle imveliso "entsha". Ngokomzekelo, ukuqinisekiswa ngokuqhagamshela kwi-smartphone ethile okanye ukusebenzisa i-biometrics. Njengoko kunokubonwa kwingxelo, ngokutsho ethembeke ngokwenene Kukho kuphela isisombululo esisekelwe kubungqina obuqinileyo, oko kukuthi, iimpawu ze-cryptographic.
- Enjalo uphawu lwe-cryptographic lungasetyenziselwa inani lemisebenzi: kuba ungqinisiso olomeleleyo kwinkqubo yokusebenza yeshishini, kwizicelo zeshishini kunye nomsebenzisi, ngenxa isandla sombane iintengiselwano zemali (ezibalulekileyo kwizicelo zebhanki), amaxwebhu kunye ne-imeyile.
umthombo: www.habr.com